Hi Mike,

> Did you find something that could help us?

You gave the answer basically yourself by considering the very old
strongSwan version (which you claimed to be 5.5.3 on both ends in your
original mail btw.).  If you didn't stop there but e.g. checked the
changelog [1] to see since when IKEv2 signature authentication (and thus
the use of stronger signature algorithms) has been supported (it's
5.3.0) you'd have realized that you can't restrict the signature
algorithm to only SHA-256 during authentication (rightauth) if your
peers use such old versions that only support SHA-1.

> The client has the same configuration as the gateway:
> 
>    ike=aes256-sha256-modp2048,aes256-sha1-modp2048!
>    esp=aes256-sha256-modp2048,aes256-sha1-modp2048!

This has absolutely nothing to do with the authentication, where your
problem is.

Regards,
Tobias

[1]
https://wiki.strongswan.org/projects/strongswan/roadmap?completed=1&from=5.1.3

Reply via email to